Tags: misc 

Rating: 0

Like all the other "... is hard" problems in past PlaidCTF this one is about CVE-2015-3193.
OpenSSL 1.0.2 versions before 1.0.2e on x86_64 contain a bug in the function BN_mod_exp() and sometimes it produces wrong results.
So, the solution is here:
https://github.com/hannob/bignum-fuzz/blob/master/CVE-2015-3193-openssl-vs-gcrypt-modexp.c